One thing to note is that the auth_checker configuration should be placed under the site configuration (usually under the farm entry). Here’s an example:

# each farm configures a set off (loadbalanced) renders
/farms
{
# first farm entry (label is not important, just for your convenience)
/website
{
# Authorization checker: before a page in the cache is delivered, a HEAD
# request is sent to the URL specified in 'url' with the query string
# '?uri='. If the response status is 200 (OK), the page is returned
# from the cache. Otherwise, the request is forwarded to the render and
# its response returned.
/auth_checker
{
# request is sent to this URL with '?uri=' appended
/url "/bin/permissioncheck.html"
# only the requested pages matching the filter section below are checked,
# all other pages get delivered unchecked
/filter
{
/0000
{
/glob "*"
/type "deny"
}
/0001
{
/glob "*.html"
/type "allow"
}
}
# any header line returned from the auth_checker's HEAD request matching
# the section below will be returned as well
/headers
{
/0000
{
/glob "*"
/type "deny"
}
/0001
{
/glob "Set-Cookie:*"
/type "allow"
}
}
}
# client headers which should be passed through to the render instances
# (feature supported since dispatcher build 2.6.3.5222)
/clientheaders
{
...

Testing

To test the PermissionHeadServlet created for permission sensitive caching delivery purposes, the curl command would be your friend. Here are some examples of the commands to retrieve the authentication status on a “locked-down” item in DAM: